I see a potentially very unfortunate Barracuda limitation in regards to defining backend real servers.
It seems as if these servers MUST be defined by IP address and that DNS names are not allowed.
If true, this is highly problematic for the case of backend servers that are behind a load balancer.
To be clear, in a very typical "WAF Sandwich" scenario, I'd be looking to do this:
AWS ELB (public facing) <--> Barracuda WAF <--> AWS ELB (internal) <--> Backend Webservers (in an autoscaling group)
The problem is that the internal ELB (the load balancer in front of the backend servers) needs to be pointed at via DNS, not by hard IPs, because the hard IPs for the ELB can and will change without warning.
It's hard for me to believe that this (common) pattern is not possible with Barracuda WAF, but that seems to me to be the case. Am I missing something?
If not, I believe this would deem Barracuda unviable for me (and I would imagine others) in AWS.